Trustworthy Computing in 2002
The multitude of virus and security related issues that occurred in 2001 left Microsoft with plenty of egg on their face. As a result of Microsoft's obvious failings the 'Trustworthy Computing' scheme was initiated, with its positive focus on reliability, security, privacy and business integrity. 2002 saw Microsoft marketing many 'initiatives' such as this, using names which stood for the opposite of how people actually felt about Microsoft and their software.
In a further bid to stop people from focusing on their failings, Microsoft decided to take a month out early in the year to perform a security review, apparently costing them $100 Million. Although appearing dedicated to become more secure, their security conscious 'plans' didn't do much for their attitude. Not only did they continue taking months (literally) to patch the multitude of fresh bugs that were appearing, but incidents such as the SSL flaw in August were deemed unimportant by Microsoft, and in the end they were forced (literally) to patch it. Their attitude against any reported bug was that if it didn't match their checklist criteria then they wouldn't fix it, even though it was in their power to do so.
Even by the end of the year Microsoft hadn't shown any real signs of change. In December Microsoft provided a patch for a flaw in Internet Explorer but downplayed its importance, rating it 'moderate' although experts said it was serious and could be exploited to take over a user's machine. This came at a time where Microsoft had just earlier modified their rating service so that fewer vulnerabilities would get the higher ratings. The flaw was one of many that were discovered by security company GreyMagic as early as October, and with the patch in December Microsoft still hadn't fixed 18 flaws found at that time, six of which were reported to be serious.
[ Read more ]